The Precision Time Protocol (PTP) aims to provide highly accurate and synchronized clocks. Its defining standard, IEEE 1588, has a security section ('Annex K') which relies on symmetric-key cryptography. In this paper we present a detailed threat analysis of the PTP standard, in which we highlight the security properties that should be addressed by any security extension. During this analysis we identify a sequence of new attacks and suggest non-cryptographic network-based defenses that mitigate them. We then suggest to replace Annex K's symmetric cryptography by an efficient elliptic-curve Public-Key signatures. We implemented all our attacks to demonstrate their effectiveness, and also implemented and evaluated both the network and cryptographic defenses. Our results show that the proposed schemes are extremely practical, and much more secure than previous suggestions.
|Number of pages||13|
|Journal||IEEE Transactions on Dependable and Secure Computing|
|State||Published - 1 Jan 2020|
- Digital signatures
- time dissemination